Prominent security analyst John Pescatore has put a new twist on the Windows cost of ownership debate with a call for enterprises to add the expense of managed intrusion prevention software to the price of Microsoft's operating systems.

Pescatore, a vice president and research fellow at Gartner, said
companies must recognize that the expense of configuring systems to deal with critical security vulnerabilities must be included in the total cost of ownership when alternatives to Windows servers and PCs are being evaluated.

"Many of the vulnerabilities that continue to be identified in Windows 2000, XP and Server 2003 are easily exploitable," Pescatore wrote in a research note. "Attackers will continue to develop worms that will cause damage equal to, or more severe than, the system shutdowns and network congestion caused by the Slammer worm. Enterprises that are dependent on Windows systems must invest both in means to patch more quickly and in host-based intrusion prevention software for all Windows PCs and servers."

In an interview with internetnews.com, Pescatore said the rate of
mass worm attacks against the Windows operating system has speeded up
rapidly since the destructive Blaster worm hit enterprise networks last
summer. "The appearance of the [newer Sasser] worm makes it the shortest
time ever -- just 18 days -- between the appearance of a vulnerability and
the beginning of an attack," he said.

Because malicious attackers are coming up with exploits in such a short
time, Pescatore said enterprises are forced to include configuration
management and software distribution system or patch management systems
alongside firewalls, anti-virus and behavior-based intrusion prevention
software for all Windows PCs and servers.

"Even though the market for host-based intrusion prevention software will
not be mature until the end of 2005, enterprises must budget for, and
procure, these products now to secure their critical Windows-based systems,"
he added.

He said businesses have opted to use Windows because it's cheaper and
easier to support, but with the recent spate of mass attacks targeting flaws
in the software, Pescatore believes the real cost of ownership is much
higher. "Every time you budget to put Windows somewhere, you have to start
budgeting for intrusion detection," he said. "The attacks are coming faster
and faster and, in some cases, there is the potential for day-zero
attacks."

"We don't see enterprises including those costs when they're comparing
alternatives, but those are significant add-on costs," he added.

Pescatore recommends that enterprises budget adequate additional funds to
expand security efforts. "Enterprises that have not yet made investments in
configuration management and software distribution: Allocate funds for
patch management systems that can make patching before attacks more
feasible, while also ensuring the stability of Windows systems. Simply
turning on Windows' automatic update feature is not enough."

The cost of ownership issue was at the heart of recent
debate between supporters of the open-source Linux operating system and
research firms hired by Microsoft.

Supporters of Linux cried foul when Microsoft released research reports
commissioned from research firms IDC, Giga Research and the META Group that
questioned total cost of ownership (TCO) of Linux. The analysts had pegged
Windows enterprise server environments as less expensive to maintain than
comparable Linux setups.